Logstash http output user password

katara · May 7, 2020, 11:43am

I am receiving log data from TCP and sending it to a https url as json using logstash.

Here is my configuration

input {
tcp {
port => 8443
codec => json_lines { charset => CP1252 }
}
}
output {
http
{
format=>"json"
http_method=>"post"
url=>"Domain Available | MicroStrategy"
headers =>{
user=> "username"
password => "password"
}
}
}

and im receiving the below error:

[HTTP Output Failure] Could not fetch URL {:url=>"Domain Available | MicroStrategy", :headers=>{"username","password", "Content-Type"=>"application/json"}, :message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :class=>"Manticore::ClientProtocolException", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in block in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in call'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-http-5.2.4/lib/logstash/outputs/http.rb:239:in send_event'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-http-5.2.4/lib/logstash/outputs/http.rb:175:in send_events'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-http-5.2.4/lib/logstash/outputs/http.rb:124:in multi_receive'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:118:in multi_receive'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:101:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:239:in block in start_workers'"], :will_retry=>true}

Im not sure if headers is the place to give the username and password of the url. Also, added the below for avoiding the cert error:

    ssl_certificate_validation => false
    verify_ssl => false

which gave me

[2020-05-07T04:48:03,430][ERROR][logstash.outputs.http ] Unknown setting 'verify_ssl' for http
[2020-05-07T04:48:03,435][ERROR][logstash.outputs.http ] Unknown setting 'ssl_certificate_validation' for http

How do i use http output here?
Is this the right way of giving user password to reach the url?
How can i avoind the certificate error.

Note: Running logstash in 7.2 in Linux

Badger · May 7, 2020, 3:59pm

I believe this is saying that the certificate for alert.com, or the ca thereof, is not in your truststore. It has nothing to do with the username and password.

katara · May 7, 2020, 4:13pm

@Badger,
Thank you for your time,
How can I ignore the certificate of the url?
While doing a curl I use a -k at the end as

Curl -u user:password https://url.com -k

To get a response. If I do not use a -k, I get a certificate error.

Also, just to clarify, the header and user password method is right? Is that how I should be including my credentials ?

Badger · May 7, 2020, 4:35pm

The elasticsearch output does not support insecure connections. Just use HTTP instead of TLS if you do not care about security.

ptamba · May 7, 2020, 5:17pm

there’s cacert option for http output plugin. since your cert is not trusted, you need to get the cacert locally and point the cacert option to the path where you store the cert.

also you need to pass the username and password in the way that it’s accepted by your webserver. probably need Authorization in header. you can pass the header in the header option of the http output as well

you can read the options available in the docs

katara · May 7, 2020, 5:22pm

@badger, I'm not sending this data to elasticsearch. I'm sending it to a monitoring tool which is a https connection, which I cannot avoid.

I have to have a https, can I bypass the security with
Ssl => false ?

katara · May 7, 2020, 5:26pm

@ptamba thank you for your help,
I'm so sorry, I'm not sure of how to use a Authorization in a header. Could you please guide me on what I can do?

What I have is a destination url and a username password. Should I make some conversion to the credentials to create this?

Please help me out with understanding this.

ptamba · May 7, 2020, 5:29pm

i’m sorry, but it really depends on http endpoint you sent the output to. there should be documentation in your http server on how to authenticate

katara · May 7, 2020, 5:38pm

The url when accessed normally will have an authentication page for username and password.
This will not come as a pop up but as a page. (Tried in a browser. )
@Badger @ptamba, which there after I can post with.

I'm not sure what kind of information this will require for me to decide this Authorization.

katara · May 8, 2020, 7:11pm

@Badger @ptambam
I managed to create an authorization with @badger's different answer
here

My config is now

output
{
http
{
format=>"json"
http_method=>"post"
url=>"https://zenossprod.lsk12.com/zport/dmd/evconsole_router"
cacert => "/opt/cert/cert.crt"
headers => {
"Authorization" => "Basic RUxLOldlbGNvbWUxMjMgaHR0cHMbWQvZXZjb25zb2xlX3JvdXRlcg=="
}
}
stdout { codec => rubydebug }
}

But I'm still getting the certificate error,
message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",

I also tried with pem and cer type certificates. None of it works,

Please help me resolve it.

system · June 5, 2020, 7:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.